Vulnerability Development mailing list archives

RE: bug w2k


From: "Eugene Bodenstein" <evgeny () abirnet co il>
Date: Tue, 31 Jul 2001 12:33:28 +0200

It works on w2k Advanced Server, Pro, Server, sp1/sp2, nt4/sp6, with and
without administration rights.
It works on guest w2k on vmware.
It doesn't work on Whistler 64 bit Beta 1, XP Pro beta 1, XP Pro RC1.
(Seems they fixed this bug.)
It isn't attached to ping only.
Can it be some kind of buffer overflow?

Eugene Bodenstein
Computer Associates
Network Administrator
tel: +972-4-959-0660
fax:+972-4-959-0661
bodeu01 () ca com



-----Original Message-----
From: kam [mailto:kam () aversion net] 
Sent: Monday, July 30, 2001 7:23 PM
To: vuln-dev () securityfocus com
Subject: Re: bug w2k


I've been able to make it work using both an administrator account and a
non-administrator account. (That is, a user account with administrator
privileges, and one without.)

Windows 2K 5.00.2195
SP 2
Hotfixes current.

kam


----- Original Message -----
From: "Mark Saum" <msaum () fidelisconsulting com>
To: <VULN-DEV () securityfocus com>
Sent: Saturday, July 28, 2001 4:37 PM
Subject: RE: bug w2k


I've verified this to work on Win2K Pro SP2.  It took 3 F7s and my 
system hard-booted as if I had hit the reset button.

On a Win2K Server SP2 on a terminal session (administrator mode) it
doesn't crash the box.  However:
 - You can create a "cmd.exe" session that is unkillable
 - You can't log off that session
 - You can't kill that session or "cmd.exe" process from the console
   (taskmgr.exe)
 - You can't log the user off from Terminal Services Manager
 - You can't create another instance of "cmd.exe" in that terminal
   session
 - A reboot is required to kill the session.

Regards,

Mark Saum

Fidelis Consulting Corporation
Dallas, TX

-----Original Message-----
From: SIFFREDI DANIEL [mailto:DSIFFREDI () nacion-afjp com ar]
Sent: Friday, July 27, 2001 2:45 PM
To: 'bugtraq () securityfocus com'
Subject: bug w2k


Hello, this is a new bug found in W2K in all flavors, works with all
levels of users.

Here is the proof of concept:

Open a Cmd window.
Ping any host (for example ping 10.100.2.1, preferably a host in your
LAN), no switch needed. Just ping.
Now press F7 and Enter (try a couple of times quickly... less than ten,
and you can see what I mean).
The machine reboots, from nothing, a warm reboot.
Please let me know if you have the same bug. I tried this in W2k sp2
English and Spanish.


Daniel Siffredi
Microcomputing Network Administrator.
Nacion AFJP SA



